tag:www.schneier.com,2015:/blog//2/tag:www.schneier.com,2006:/blog//2.1084-2015-02-17T07:04:38ZComments for Bomb or Not?A blog covering security and security technology.Movable Typetag:www.schneier.com,2006:/blog//2.1084-comment:115502Comment from Stilgherrian on 2006-09-23Stilgherrianhttp://www.stilgherrian.com
The Bomb-or-Not site is working just fine as I write this.]]>
2006-09-23T23:06:57Z2006-09-23T23:06:57Ztag:www.schneier.com,2006:/blog//2.1084-comment:115501Comment from Stilgherrian on 2006-09-23Stilgherrianhttp://www.stilgherrian.com
When I worked for the (then) Department of Aviation in Australia in the 1980s, I was told about an incident at Port Moresby airport — that's the capital of Papua New Guinea.

The security people heard ticking sounds in a suitcase, so took it out on the tarmac and blew it to pieces — thus destroying a traveller's valuable antique clock collection.

]]>
2006-09-23T23:06:00Z2006-09-23T23:06:00Ztag:www.schneier.com,2006:/blog//2.1084-comment:113761Comment from Roger on 2006-09-13Roger
The Bomb-or-Not site has now been down for two days.]]>
2006-09-13T22:00:27Z2006-09-13T22:00:27Ztag:www.schneier.com,2006:/blog//2.1084-comment:112830Comment from Roger on 2006-09-11Roger
After playing for a while, I was getting annoyed at endless repetition of some of the boring pictures, and too-infrequent occurrence of the best ones, so I wrote a bot to snarf the whole list so I could browse them sequentially (in order to be a good neighbour the bot just snarfs the image names, and doesn't download the images at all).

But from its results some curious features turned up. Probably they signify nothing but a curious defect in the PRNG, but other readers might be interested [1]:
1. rate at which individual pictures are served up is distinctly non-uniform. Some pictures are served up an order of magnitude more often than others [2]. I get the impression that some are also more likely to follow certain others, but my bot data doesn't allow me to quantify this.
2. roughly 37% of pictures are tagged as being bombs, but pictures of bombs are only served up 1 time in 6;
3. I had thought that images served up more often would be identified correctly more often, due to players learning them. This doesn't appear to be the case; there doesn't seem to be any particular relationship. This may suggest that most players play for a period too short to see most images (about 140 at the moment, but growing all the time);
4. non-bomb images are more likely to be identified correctly than bomb images (80% vs. 65%);
5. the most-often correct bomb and non-bomb images get about the same score (92 and 94%) but the least-often are widely separated (22 and 35%).
6. However, both the gaps in both averages and minima are getting narrower every time I run my bot (the first time I ran this, this least-often correct bomb image was correctly identified only 7% of the time).

Points 4 and 5 tend to suggest that most people are better at corectly identifying common, harmless objects than at seeing the hidden hazard in novel objects (this isn't really surprising).

Point 6 could be explained if most players play a lot, and gradually memorise the results (i.e., get trained, just as is hoped for in the process being spoofed). However point 3 tends to suggest that this may not be the case; people don't seem to do better with images they have seen before than with ones they haven't. In that case, other explanations include:
a. Badly written bots which vote maliciously or randomly [3];
b. Players who vote randomly.
Random voting will tend to cause all the results to gradually converge over time. A malicious voter might attempt to deliberately distort votes for some political reason.

_____
1. I culled the stats for a couple of controversial images; not just the goatse one (which still hasn't been removed) but also those for which there are complaints of incorrect categorisation.
2. The most common bomb image is the easily-identified atomic bomb. The most common non-bomb image is the highly deceptive "Hills bomb", which is a grainy photograph of a model of a bomb.
3. I confess the first cut of mine did this, until I realised it might distort stats. Now when it encounters an image it has seen before, it votes correctly in proportion to the number of correct votes reported last time it saw it.

]]>
2006-09-11T06:56:32Z2006-09-11T06:56:32Ztag:www.schneier.com,2006:/blog//2.1084-comment:112612Comment from Anonymous on 2006-09-09Anonymous
> But a model of a bomb, meant to look
> like a bomb, seems like it should in
> fact be classified as a type of bomb.

By whom? The TSA-employee might be an experienced member of the national bomb-squad but that's very unlikely, isn't it?
"In case of doubt: run!"?
It's a bomb because some unknown employee says so? That voids the difference between a real bomb and anything labeled as a bomb including nothing ("Somebody called in with a bomb warning, Sir!" "Evacuate the airport!") but except the bang. It would be quite easy and very cheap to shut down an airpo... oh, wait...

CZ

]]>
2006-09-09T22:36:34Z2006-09-09T22:36:34Ztag:www.schneier.com,2006:/blog//2.1084-comment:112362Comment from notabomb on 2006-09-08notabomb
the govt sees bombs everywhere. check out the video of the police blowing up this car outside of a mall because they thought it might have a bomb in the back seat.

]]>
2006-09-08T16:04:51Z2006-09-08T16:04:51Ztag:www.schneier.com,2006:/blog//2.1084-comment:112334Comment from RJM on 2006-09-08RJM
I concur on the Goatse! I'm not sure whether it should be classed as a bomb though, since it's done some damage on the internet!
]]>
2006-09-08T14:07:06Z2006-09-08T14:07:06Ztag:www.schneier.com,2006:/blog//2.1084-comment:112267Comment from ele78 on 2006-09-08ele78http://www.urmbickleton.com
That was one funny blog. It kept me entertained for awhile. I've been on the internet for 12 hours straight. You did have a way to keep me alive.]]>
2006-09-08T06:58:23Z2006-09-08T06:58:23Ztag:www.schneier.com,2006:/blog//2.1084-comment:112212Comment from Adam on 2006-09-07Adam
I clicked on the "Bomb or Not" link and got goatse. I never thought I'd be goatse'd by Bruce Schneier!]]>
2006-09-07T23:26:38Z2006-09-07T23:26:38Ztag:www.schneier.com,2006:/blog//2.1084-comment:112200Comment from Anonymous on 2006-09-07Anonymous
Yeah, how terrorists infiltrating the airline caterers, and putting bioweapon bacteria in the food, to make everyone sick?

Oh yeah, you wouldn't be able to tell that it was just normal airline food, would you?

I guess that's why US airlines have been eliminating in-flight meals. Security. Yeah, that's the ticket.

]]>
2006-09-07T22:11:17Z2006-09-07T22:11:17Ztag:www.schneier.com,2006:/blog//2.1084-comment:112166Comment from TED Vinson on 2006-09-07TED Vinson
From the article on seized items:

"The most recent jaw-dropper: a 15 pound cobblestone a tourist from Iowa tried to carry on his flight home."

]]>
2006-09-07T19:58:12Z2006-09-07T19:58:12Ztag:www.schneier.com,2006:/blog//2.1084-comment:112070Comment from clangnuts on 2006-09-07clangnutshttp://clangnuts.blogspot.com
Medusas World tour comes to an abrupt halt:

]]>
2006-09-07T13:23:49Z2006-09-07T13:23:49Ztag:www.schneier.com,2006:/blog//2.1084-comment:112053Comment from neverbeaten on 2006-09-07neverbeaten
forget using ID as a weapon. forget trying to blow up the plane. all they need to do is detonate a bomb (why even bother disguising it?) during a security screening at the airport (trigger it with x-rays). What can the screeners do to prevent that? Have a pre-screening screening? That would make their heads implode.]]>
2006-09-07T13:17:00Z2006-09-07T13:17:00Ztag:www.schneier.com,2006:/blog//2.1084-comment:112042Comment from Ross on 2006-09-07Rosshttp://www.cl.cam.ac.uk/~rja14/book.html
It always strikes a Brit as odd that US airports have waste paper bins, let alone receptacles to dispose of weapons. The IRA bombing campaigns in the 70s and 80s involved dropping time bombs into waste bins in public places, until all waste bins were removed. After 9/11 the folks running the railways removed them again]]>
2006-09-07T11:38:47Z2006-09-07T11:38:47Ztag:www.schneier.com,2006:/blog//2.1084-comment:112040Comment from bob on 2006-09-07bob
Probably be tough to get enough energy out of an ID-sized explosive; however it would be very easy to use an ID to cut someone's throat, thus providing the same attack vector the 9/11 guys used.]]>
2006-09-07T11:31:47Z2006-09-07T11:31:47Ztag:www.schneier.com,2006:/blog//2.1084-comment:112026Comment from Jungsonn on 2006-09-07Jungsonnhttp://www.jungsonnstudios.com/Mozilla
Funny links, nice to read them. good to see that a few people can see the humor in all of this and put things back in perspective, instead of overreacting.]]>
2006-09-07T09:57:06Z2006-09-07T09:57:06Ztag:www.schneier.com,2006:/blog//2.1084-comment:111999Comment from Flue on 2006-09-07Flue
I imagine on a recent trip, I may have noticed that the only place that liquids/gels/etc where being seized was the security check. Once you get past those, I fantasize you're home free.

I once dreamed that you can easily take any liquid you want through security as long as it isn't obvious (visibly), it won't set off the magnetometer.

I hallucinated that several passengers took liquids on the planes, as long as they kept them out of sight during bording. I read once in a tv show that the gate attendants do not have any training for searching, so they don't.

Of course, this was probably all something that happened to me in 2008, so I'll worry about it then.

I don't disagree. But a model of a bomb, meant to look like a bomb, seems like it should in fact be classified as a type of bomb. It's called "bomb art" instead of "notbomb art" for a reason. In other words if a real bomb has been disarmed should it no longer be referred to as a bomb at all, or is it ok to call it a disarmed bomb? Shades of a category vs different category.

After all, the site is called Bomb or Not, rather than "Bomb or Bomb-looking things that actually will not explode".

]]>
2006-09-07T01:49:14Z2006-09-07T01:49:14Ztag:www.schneier.com,2006:/blog//2.1084-comment:111907Comment from Evil Genius on 2006-09-06Evil Genius
The obvious terrorist attack is fill a Crest dispenser with Semtex, then dispose of it in the "discard here" receptacle and walk through security free and clear. When it detonates later, it will take out all the passengers waiting in line, and a fair number of TSA droids.

The obvious countermeasure is to make the disposal receptacles bomb-proof, but apparently the possibility of having a real explosive device placed in the receptacle has not yet occurred to the TSA.

]]>
2006-09-07T01:16:17Z2006-09-07T01:16:17Ztag:www.schneier.com,2006:/blog//2.1084-comment:111898Comment from Christoph Zurnieden on 2006-09-06Christoph Zurnieden
@Longwalker, Davi Ottenheimer
I guess it is the point of the makers of that website to show that nothing and anything can be a bomb. You can't decide it by taking a short look at it, that task is way too complicated for the average TSA worker; even a bomb-specialist would most probably take the "if in doubt: run!" path!
There might be a technical solution one day--it is doable in theory--but you have to walk the pragmatic way until then: look for firarms and large knives and obvious(!) explosives and do the "full-search" _truly_ random. The rest is just the normal risk of live: there's a much higher chance to win the lottery than to die in a terrorist attack.

You know, this would be a good way to "launder" a weapon used in a crime. Got a screwdriver you used to murder someone? Try to take it on a plane.... Someone in another state -- or country -- will buy it, almost completely untraceable.

]]>
2006-09-06T23:15:39Z2006-09-06T23:15:39Ztag:www.schneier.com,2006:/blog//2.1084-comment:111887Comment from Davi Ottenheimer on 2006-09-06Davi Ottenheimerhttp://davi.poetry.org/
Although funny at times, one of the images is of a model of an actual bomb. Unfortunately the site classifies it as not a bomb because they say technically it was just a model and therefore non-explosive. How you could be expected to know that from a fuzzy image on a webpage...]]>
2006-09-06T23:02:07Z2006-09-06T23:02:07Ztag:www.schneier.com,2006:/blog//2.1084-comment:111882Comment from Longwalker on 2006-09-06Longwalker
"Bomb or not" is pretty useless and not even funny. All of the 'not bomb' entries could easily be altered to hide bombs.]]>
2006-09-06T22:08:48Z2006-09-06T22:08:48Ztag:www.schneier.com,2006:/blog//2.1084-comment:111880Comment from Scott Friend on 2006-09-06Scott Friend
Good read and funny video.]]>
2006-09-06T21:39:34Z2006-09-06T21:39:34Ztag:www.schneier.com,2006:/blog//2.1084-comment:111877Comment from Ligthert on 2006-09-06Ligtherthttp://www.ligthert.net/
The dutch advert is shown all the time. IMHO the face of the clerk in the end when he gets the cup handed is priceless.

OT: a crime-reporter (Peter R. de Vries) tested how much the local customs check the passports against the person flashing them. The results where horrible: 2 men switched passports and passed security checks without a fuss. a male and a female switched passports, the female got through, but the male they cought. This was all taped and shown on dutch television. Security in the Netherlands is a myth...

]]>
2006-09-06T21:08:05Z2006-09-06T21:08:05Ztag:www.schneier.com,2006:/blog//2.1084-comment:111875Comment from Ross on 2006-09-06Rosshttp://www.lightbluetouchpaper.org
Blow up a plane with a piece of ID? You can certainly turn paper into an explosive. Just soak it in sodium chlorate, then hang it on the clothes line to dry.

I've never tried this personally; I merely recall it from some hobbyist TV program in the 1960s. The goal was to make a firework rocket out of old newspapers. You soak some paper in water glass to make it fire-resistant, then mould it around a curtain pole to let it dry into a tube - the rocket body. Then you stuff it with the rolled-up explosive paper. Whoosh! It works just like gunpowder

]]>
2006-09-06T20:56:57Z2006-09-06T20:56:57Ztag:www.schneier.com,2006:/blog//2.1084-comment:111871Comment from Wyle_E on 2006-09-06Wyle_E
I'm actually surprised that they haven't started x-raying pregnant women, to make sure that there's really a fetus in there and not a silicone balloon full of Astrolite-g.]]>
2006-09-06T20:25:27Z2006-09-06T20:25:27Ztag:www.schneier.com,2006:/blog//2.1084-comment:111870Comment from splat on 2006-09-06splat
Traveler has lighter confiscated by TSA, buys a replacement at the secured duty-free shop:

]]>
2006-09-06T20:17:34Z2006-09-06T20:17:34Ztag:www.schneier.com,2006:/blog//2.1084-comment:111866Comment from Clay Haapala on 2006-09-06Clay Haapala
Oh, thank you for the hillarious links and comments today! (Frantically wipes off keyboard and monitor....)

I have always said, just outside TSA's hearing range, of course, that we should thank God that Richard Reed wasn't caught with suppositories. (Adding a burrito would make that a binary explosive! Hmm, I'll have to contact my agent about shopping 'round a movie script.)

]]>
2006-09-06T20:08:52Z2006-09-06T20:08:52Ztag:www.schneier.com,2006:/blog//2.1084-comment:111864Comment from Anonymous on 2006-09-06Anonymous
Bah, I was the previous poster. Thought I added the final "." after the html tag close. but I guess not.

]]>
2006-09-06T20:05:41Z2006-09-06T20:05:41Ztag:www.schneier.com,2006:/blog//2.1084-comment:111863Comment from Anonymous on 2006-09-06Anonymous
That final quip reminded me of http://www.defensetech.org/archives/002265.html.]]>
2006-09-06T20:03:27Z2006-09-06T20:03:27Ztag:www.schneier.com,2006:/blog//2.1084-comment:111859Comment from Nicholas weaver on 2006-09-06Nicholas weaver
Bomb or not IMO, is not the best.

The second one I got was "Not a bomb", a sculpture entitled "Richard's Shoe"...

Of course, it legitimately looked like a bomb, and should be considered as such by any screener with a clue.